Personal tools
You are here: Home support WiKID Documentation Center Installation How-tos How to install the WiKID Enterprise RPMs
Document Actions

How to install the WiKID Enterprise RPMs

This How-to applies to: WiKID Strong Authentication Server Enterprise Edition
This How-to is intended for: System Administrator

This document describes how to install the WiKID Strong Authentication Enterprise Edition using the RPMs.

Thank you for your interest in the WiKID Strong Authentication System for your two-factor authentication needs. We have made a number of changes in the 3.0 release, mostly in the underlying architecture. We are continuing to move away from an appliance-only model. As such, we have moved from multiple controller scripts (setup, start, stop, etc) to a single 'wikidctl' script that takes arguments start, stop, etc. We have packaged all webapps as WAR files and bundled Tomcat 5.5 with the server, so you should be able to drop the WARs into an existing servlet container.

Requirements

Hardware Requirements

  • 8+ gigs of hard drive space.
  • 1 gig of RAM
  • 2 Ethernet connenctions
  • Moderate CPU required
  • These hardware specs are for production. The server has been tested in a 256 meg RAM vmware image.

 

You need postgresql and Sun's JDK (not just the jre) version 6 to be installed. The package also likes to have a symlink to java in /opt, though the RPM will attempt to autocreate that link.

You can download the JDK from the Java site. Be sure to download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files or else the certificate generation will not work.

This command should install postgresql:

yum install postgresql postgreql-libs postgresql-jdbc postgresql-server postgresql-pl

To install all the needed software on one line:

yum install postgresql postgreql-libs postgresql-jdbc postgresql-server postgresql-pl compat-libstdc++-296 ntp system-config-date perl-libwww-perl

Make sure that postgresql is initialized:

service postgresql start

Our replication package requires compat-libstdc++-296 (and it's not yet a dependency) and we need perl-libwww-perl.

yum install compat-libstdc++-296 perl-libwww-perl

Make sure that alternatives has the correct Java:

/usr/sbin/alternatives --install /usr/bin/java java /usr/java/latest/bin/java 2
/usr/sbin/alternatives --config java

Test that the system is using the correct Java:

java -version

The WiKID rpms require ntp and system-config-date

yum install ntp system-config-date

Install the WiKID RPMs.

rpm -ivh wikid-enterprise...
rpm -ivh wikid-utilities...

Run

/opt/WiKID/sbin/wikidserver_config.sh

NB:  The script returns nothing.

Reboot the computer or run the following command:

/opt/WiKID/conf/templates/wikid-firstboot.sh

to get all the start-up scripts run. You will see a lot of database creation information.

Then run setup:

wikidctl setup

Select that you want to change your network settings. The script will pick up your existing network settings, walk you through them and create an SSL cert for the server. Once done, start the server:

wikidctl start

Go to http:// to complete the set up.

To stop the server:

wikidctl stop

From here, you can follow the standard documentation, such as the new 3.0 Quickstart Guide
or the Complete installation manual.

One key difference, tomcat is now inside /opt/WiKID, so the example.jsp file is now: /opt/WiKID/tomcat/webapps/WiKIDAdmin/example.jsp. The domain identifier is now paramaterized too. You can change in on line 41.

Ports:

The WiKID token clients require port 80. You can use NAT, but it needs to be routable for the token clients.

The following services may only need internal access based on your needs:

  • The WiKIDAdmin uses 443.
  • wAuth uses 8388
  • LDAP uses 10389
  • TACACS+ uses 49
You can NAT the WiKID IP. Use the public IP as the domain identifier so that the software tokens know how to connect to the server.

Troubleshooting:

You may need to install the JCE Unlimited Strength Jurisdiction Policy Files to avoid the "Illegal Key Size error".

If you can't login to the WiKIDAdmin site due to a bad username and password, there is probably an issue with database connectivity. Check that postgres is running on the proper port:

netstat -anp | grep 5432

Check that 127.0.0.1 is the first item in /etc/hosts and not the IPv6 ::1 listing.

Make sure that postgresql-jdbc is installed.

Disable SELinux.

Check that the pg_hba.conf file copied properly:

diff /opt/WiKID/conf/templates/pg_hba.conf and /var/lib/pgsql/data/pg_hba.conf

If you get any response to this command, you can copy the /opt/WiKID/conf/templates version to /var/lib/pgsql/data. However, this may indicate that the rpm did not fully install and you may want to reinstall